Razer USA Website Detected With Trojan-ridden Drivers

Security experts have detected that the website of Razer USA, hardware manufacturer for computer gamers, has been compromised, and support sites of the hacked website are being used to distribute Trojan horse programs.

Giving details on the functioning of this spam, Ferguson told that the Trojan became activated when users clicked on a link to download drivers from the compromised website. A recent analysis done by VirusTotal suggests that the malware is identified by only seven among the 41 major anti-virus products. Further, the Trojan led users to download a malicious file named usbctl.exe. This file installed another piece of malware WORM.ASPXOR.AB in the directory of the computer system, as per the news published by The Register on September 21, 2009.

In addition, to make things worse, gamers frequently deactivate their anti-virus protection to enhance the speed of gameplay, and hence, some of the victims miss out the chance to detect the Trojan.

On the basis of users' grievances, Ferguson firmly believes that most probably, the malicious trojans were available on Razer's website for a few days only. He also warned that users might be at risk.

Further, company spokesman, Heathcliff Hatcher couldn't exactly make out what went wrong with the site that gave rise to malicious downloads, as reported by PCWorld on September 22, 2009.

Razer's main website was found active till the afternoon of September 21, 2009; however, as already mentioned, its support site was taken offline. Users were welcomed with the message that for the time being, company had to bring Razer Support down to fix the problem.

Hatcher further said that the investigations are still going on as the issue is of due concern for the company, which is clear from the company's move to take the support site offline, reported The Register on September 21, 2009.

Security experts are still not sure if it's a case of security breach that had occurred on the systems of other company or if Razer's website had been hacked. They said that it's nearly impossible to know this.